Where is my mistake in iptables ?

[rozeto]

Hello, guys !
I'm using iptables for my security firewall, but the interesting part is that when i installed webmin on default port 10000, i was able to access the webmin outside, despite my firewall configuration which is configured to DROP by default, and only a few ports are allowed.

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:965
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:8009

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http

[giulix63]

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

This looks like a wide open firewall to me...
[!] --state state
Where state is a comma separated list of the connection states to match. Possible states are
INVALID meaning that the packet could not be identified for some reason which includes running out
of memory and ICMP errors which don't correspond to any known connection, ESTABLISHED meaning that
the packet is associated with a connection which has seen packets in both directions, NEW meaning
that the packet has started a new connection, or otherwise associated with a connection which has
not seen packets in both directions, and RELATED meaning that the packet is starting a new
connection, but is associated with an existing connection, such as an FTP data transfer, or an
ICMP error. UNTRACKED meaning that the packet is not tracked at all, which happens if you use the
NOTRACK target in raw table.

[TrevorH]

Yes, remove NEW from that line.